Sunday, September 24, 2006

Übervirality

Got my aunt's PC today - on the usual family-needs-my-digital-fingers quest. This time, the machine had all but closed down on her. And, when I got it jacked in to check myself, I was pretty taken aback by the magnitude of the problem, considering that she has had 2 adware-stoppers and one extensive virus guard installed all along.

Somehow, she manages to get her PC into trouble all the fucking time. If it's not the printer bugging out, it's her mail account - or the update services on Windows. I myself have only run rare occasional virus checks and adware purges - yet I have only had a problem once in 8 or 9 years.

Anyway, I confidently sat down and began deconstructing the problem. It was much harder than expected. I was up against an intelligent bug this time. Shy and stealthy, yet aggressive when taunted. First of all, the browser spawned ad-related windows constantly and the machine denied access to the anti-virus software already installed. It simply exited the applications. I have yet to understand why the AV program has not updated itself prior to infection and caught the bug, but since Auntie has only just had broadband installed, it may have been manually configured.

It quickly became clear that this was more or less impossible to solve elegantly. IE denied me access to all virus-related (free) websites (Kaspersky, Pandasoftware, AVG, you name them). It even shut down Google queries containing the word "virus" or "malware"..! Luckily, I remembered TrendMicro's Housecall - an online virus scanner that I have used regularly. Through Google the query provided a link that was the direct "start scan" link to the online scanner. Very lucky, since all other TrendMicro links were shut down immediately by the bug(s).

The scan resulted in something like 5 trojans, considered severe (all of the AdLoad type), and something like 20 different adware bugs, more or less icky. I felt lost and cornered by evil, hollow horses of wood. I asked Housecall to remove and/or quarantine the various bugs. Of course, this was not possible with several of them - and when Housecall seemed to stop responding to my panic-stricken attempts to "force" the deletion, I was basically back to square one. When I rebooted the computer the bugs were still there and this time Housecall did not register anything wrong. My respect, albeit hostile, for the über-bug in question deepened. Apparently, it had managed to register the online scanning being made and then circumvented that same "engine" or whatever. Can they really do this? I'm getting scared, goddammit - I think I'll be keeping a closer lookout for my own machine from now on, since this is too much Asimov-come-Matrix for my liking...

Outcome: the PC is getting the FDISK axe, after I manage to export all the relevant data. Even if I solve the most annoying issue, I still have 25 other bugs that may still be lurking in the darkness of my Auntie's registry...